src/Controller/SecurityController.php line 86

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\CustomerDetail;
  6. use App\Entity\DeviceKey;
  7. use App\Entity\PageDesign;
  8. use App\Entity\Plan;
  9. use App\Entity\ResetPassword;
  10. use App\Entity\User;
  11. use App\Entity\Workspace;
  12. use App\Form\RegisterUserType;
  13. use App\Repository\PageDesignRepository;
  14. use App\Repository\ResetPasswordRepository;
  15. use App\Repository\UserRepository;
  16. use App\Security\LoginFormAuthenticator;
  17. use App\Service\MailService;
  18. use App\Service\UserService;
  19. use App\Utils\CommonFunctions;
  20. use App\Utils\Commons;
  21. use App\Utils\UserValidator;
  22. use DateTime;
  23. use DateTimeZone;
  24. use Doctrine\ORM\NonUniqueResultException;
  25. use Doctrine\ORM\NoResultException;
  26. use Exception;
  27. use ReCaptcha\ReCaptcha;
  28. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  29. use Symfony\Component\Form\Extension\Core\Type\EmailType;
  30. use Symfony\Component\Form\Extension\Core\Type\PasswordType;
  31. use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
  32. use Symfony\Component\HttpFoundation\JsonResponse;
  33. use Symfony\Component\HttpFoundation\RedirectResponse;
  34. use Symfony\Component\HttpFoundation\Request;
  35. use Symfony\Component\HttpFoundation\Response;
  36. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  37. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  38. use Symfony\Component\Routing\Annotation\Route;
  39. use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
  40. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  41. use Symfony\Component\Form\FormError;
  42. use Symfony\Contracts\Translation\TranslatorInterface;
  43. use Twig\Error\LoaderError;
  44. use Twig\Error\RuntimeError;
  45. use Twig\Error\SyntaxError;
  47. class SecurityController extends AbstractController
  48. {
  50.     /**
  51.      * Frontend Login Page
  52.      * Accepts symfony's built-in guard authentication provider to authenticate user
  53.      * which is configured in security.yaml under firewall.
  54.      * Throws authenticationUtils error if user does not exists.
  55.      * Check LoginFormAuthenticator to see user token based authentication.
  56.      *
  57.      * @Route("/", name="app_login")
  58.      * @param Request $request
  59.      * @param AuthenticationUtils $authenticationUtils
  60.      * @param PageDesignRepository $pageDesignRepository
  61.      * @param CommonFunctions $commonFunctions
  62.      * @return Response
  63.      */
  64.     public function login(Request $requestAuthenticationUtils $authenticationUtilsPageDesignRepository $pageDesignRepositoryCommonFunctions $commonFunctions): Response
  65.     {
  66.         // Redirect if user already authenticated
  67.         if ($this->isGranted('ROLE_ADMIN') || $this->isGranted('ROLE_USER')) {
  68.             return $this->redirectToRoute('dashboard_index');
  69.         } else if ($this->isGranted('ROLE_BACKEND_USER')) {
  70.             return $this->redirectToRoute('admin_dashboard_index');
  71.         }
  73.         // get the login error if there is one
  74.         $error $authenticationUtils->getLastAuthenticationError();
  75.         // last username entered by the user
  76.         $lastUsername $authenticationUtils->getLastUsername();
  79. //        dump($commons::$localeList);
  80. //        die;
  82.         return $this->render('security/login.html.twig',
  83.             [
  84.                 'last_username' => $lastUsername,
  85.                 'error' => $error,
  86.                 'page_design' => $commonFunctions->findFirstByPageDesignType($pageDesignRepositoryPageDesign::LOGIN_TYPE$request->getLocale())
  87.             ]
  88.         );
  89.     }
  91.     /**
  92.      * Reset Password Page
  93.      * Send password reset mail to registered users.
  94.      *
  95.      * @Route("/verify/password/send/mail", name="app_password_send_mail" )
  96.      * @param Request $request
  97.      * @param UserRepository $userRepository
  98.      * @param UserService $userService
  99.      * @param MailService $mailService
  100.      * @param TranslatorInterface $translator
  101.      * @param null $user
  102.      * @return Response
  103.      */
  104.     public function sendEmailPasswordLink(Request $requestUserRepository $userRepositoryUserService $userServiceMailService $mailServiceTranslatorInterface $translator$user null): Response
  105.     {
  106.         $form $this->createFormBuilder()->add('email'EmailType::class)->getForm();
  107.         $form->handleRequest($request);
  108.         $sent false;
  109.         if ($form->isSubmitted() && $form->isValid()) {
  110.             $sent true;
  111.             $user $userRepository->findOneBy(['email' => $form->get('email')->getData()]);
  113.             if (is_object($user)) {
  115.                 $resetPassword $userService->checkAndCreatePasswordResets($user);
  116.                 try {
  117.                     $mailService->sendPasswordResetEmail($user$resetPassword);
  118.                 } catch (LoaderError RuntimeError SyntaxError $e) {
  119.                     $this->addFlash("success"$translator->trans("email.sending_error"));
  120.                 }
  121.             }
  122.             //no validation anymore!
  123.             //else {
  124.               //  $form->get('email')->addError(new FormError($translator->trans('msg.email_not_found')));
  125.            // }
  126.         }
  128.         return $this->render('security/verify.password.mail.html.twig', [
  129.             'resetPassword' => $form->createView(),
  130.             'sent' => $sent
  131.         ]);
  132.     }
  134.     /**
  135.      * Confirm Password entry page.
  136.      * Accepts unique identifier and registered email.
  137.      * User redirected to this url only after email is triggered to their respective inbox.
  138.      *
  139.      * @Route("/reset/password", name="app_reset_password", methods={"GET","POST"})
  140.      * @param Request $request
  141.      * @param LoginFormAuthenticator $loginFormAuthenticator
  142.      * @param GuardAuthenticatorHandler $guardHandler
  143.      * @param UserValidator $userValidator
  144.      * @param TranslatorInterface $translator
  145.      * @param ResetPasswordRepository $resetPasswordRepository
  146.      * @param UserRepository $userRepository
  147.      * @param UserPasswordHasherInterface $userPasswordHasher
  148.      * @param int $flag
  149.      * @return Response
  150.      * @throws NonUniqueResultException
  151.      */
  152.     public function recoverPassword(Request $requestLoginFormAuthenticator $loginFormAuthenticatorGuardAuthenticatorHandler $guardHandlerUserValidator $userValidatorTranslatorInterface $translatorResetPasswordRepository $resetPasswordRepositoryUserRepository $userRepositoryUserPasswordHasherInterface $userPasswordHasher$flag 0): Response
  153.     {
  154.         if ($this->getUser() !== null) {
  155.             throw new NotFoundHttpException("You are logged in!");
  156.         }
  157.         $resetPassword $resetPasswordRepository->findByIdentifier($request->query->get('email'), $request->query->get('identifier'));
  158.         if (!$resetPassword) {
  159.             throw new NotFoundHttpException($translator->trans('msg.email_not_found'));
  160.         }
  161.         $user $userRepository->find($resetPassword->getUser());
  162.         if (!is_object($user)) {
  163.             throw new NotFoundHttpException($translator->trans('msg.email_not_found'));
  164.         }
  165.         // create password reset form
  166.         $form $this->createFormBuilder($user)->add('password'RepeatedType::class, [
  167.             'type' => PasswordType::class,
  168.             'invalid_message' => 'Password must match.',
  169.             'first_options' => ['label' => $translator->trans('user.form.password')],
  170.             'second_options' => ['label' => $translator->trans('confirm_password.confirm')],
  171.         ])
  172.             ->setAction($this->generateUrl('app_reset_password', ['email' => $request->query->get('email'), 'identifier' => $request->query->get('identifier')]))
  173.             ->setMethod('POST')
  174.             ->getForm();
  175.         $form->handleRequest($request);
  177.         if ($form->isSubmitted() && $form->isValid()) {
  179.             $password $userValidator->validatePassword($form->get('password')->getData());
  180.             if ($password == null) {
  181.                 $form->get('password')->get('first')->addError(new FormError($translator->trans('msg.password_validator_error')));
  182.                 $html $this->renderView('user/recover.password.html.twig', [
  183.                     'form' => $form->createView(),
  184.                     'flag' => $flag,
  185.                 ]);
  186.                 return new Response($html400);
  187.             }
  189.             $em $this->getDoctrine()->getManager();
  190.             // encode password with PasswordEncoder service
  191.             $user->setPassword($userPasswordHasher->hashPassword($user$password));
  192.             $em->persist($user);
  193.             // successfully reset password flag to display message
  194.             $role $user->getRoles();
  195.             $user->setResetPassword(null);
  196.             $em->persist($user);
  197.             $em->flush();
  199.             $em->remove($resetPassword);
  200.             $em->flush();
  203.             if ($role[0] == 'ROLE_BACKEND_USER') {
  204.                 return $this->redirectToRoute('backend_login');
  205.             } else {
  206.                 //login with the user
  207.                 return $guardHandler->authenticateUserAndHandleSuccess(
  208.                     $user,
  209.                     $request,
  210.                     $loginFormAuthenticator,
  211.                     'main'
  212.                 );
  214.             }
  215.         }
  217.         return $this->render('user/recover.password.html.twig', [
  218.             'form' => $form->createView(),
  219.             'user' => $user
  220.         ]);
  221.     }
  224.     /**
  225.      * Symfony's default logout path
  226.      * @Route("/logout", name="app_logout")
  227.      * @throws Exception
  228.      */
  229.     public function logout()
  230.     {
  231.         throw new Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
  232.     }
  234.     /**
  235.      * @Route("/backend/logout", name="app_backend_logout")
  236.      * @throws Exception
  237.      */
  238.     public function backendLogout()
  239.     {
  240.         throw new Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
  241.     }
  243.     /**
  244.      * Redirect based on user role after logout
  245.      *
  246.      * @Route("/logout/redirect", name="redirect_after_logout")
  247.      * @return RedirectResponse
  248.      */
  249.     public function redirectAfterLogout(): RedirectResponse
  250.     {
  251.         $roles $this->getUser()->getRoles();
  252.         $userRole $roles[0];
  253.         $role "USER";
  254.         if ($userRole == 'ROLE_SUPER_ADMIN' or $userRole == 'ROLE_BACKEND_USER') {
  255.             $role "ADMIN";
  256.         }
  258. //        $this->redirectToRoute('app_logout');
  260.         if ($role == 'ADMIN') {
  261.             return $this->redirectToRoute('backend_login');
  262.         } else {
  263.             return $this->redirectToRoute('app_login');
  264.         }
  265.     }
  267.     /**
  268.      * Register Page
  269.      * Register user as customer.
  270.      *
  271.      * @Route("/register", name="app_register")
  272.      * @param Request $request
  273.      * @param PageDesignRepository $pageDesignRepository
  274.      * @param CommonFunctions $commonFunctions
  275.      * @param MailService $mailService
  276.      * @param TranslatorInterface $translator
  277.      * @param UserPasswordHasherInterface $userPasswordHasher
  278.      * @return Response
  279.      * @throws NoResultException
  280.      * @throws NonUniqueResultException
  281.      */
  282.     public function register(Request $requestPageDesignRepository $pageDesignRepositoryUserPasswordHasherInterface $userPasswordHasherMailService $mailServiceTranslatorInterface $translatorCommonFunctions $commonFunctions): Response
  283.     {
  284.         $user = new User();
  285.         $form $this->createForm(RegisterUserType::class, $user, ['is_user_registration' => true]);
  286.         $form->handleRequest($request);
  287.         $em $this->getDoctrine()->getManager();
  288.         if ($form->isSubmitted()) {
  289.             if ($form->isValid()) {
  291.                 $emailNotUsedInOldEmailField true;
  292.                 $oldEmailRecordsCount intval($em->getRepository(User::class)->checkEmailInOldEmailsUsed($user));
  293.                 if ($oldEmailRecordsCount 0) {
  294.                     $emailNotUsedInOldEmailField false;
  295.                 }
  296.                 if ($emailNotUsedInOldEmailField === true) {
  297.                     $user->setPassword($userPasswordHasher->hashPassword($user$user->generateRandomPassword()));
  299.                     $user->setUsername($user->getEmail());
  300.                     $user->setRoles([Commons::ROLE_ADMIN]); // set User role as customer
  303.                     // create new workspace for customer and credit the user.
  304.                     $workspace = new Workspace();
  305.                     $workspace->setOwner($user);
  307.                     $key md5(uniqid(rand(), true));
  308.                     $workspace->setCustomerKey($key);
  310.                     $defaultPlan $em->getRepository(Plan::class)->findOneBy(['defaultPlan' => true]);
  311.                     if (is_object($defaultPlan)) {
  312.                         $workspace->setPlan($defaultPlan);
  313.                     }
  315.                     // create new customer detail
  316.                     $customerDetail = new CustomerDetail();
  317.                     $customerDetail->setCustomer($user);
  318.                     $customerDetail->setCentralEmailAddress($user->getEmail());
  319.                     $em->persist($workspace);
  322.                     $hash hash('sha256'uniqid(rand(), true));
  323.                     $deviceKey = new DeviceKey();
  324.                     $deviceKey->setDeviceKey($hash);
  325.                     $deviceKey->setKeyType("sha_256");
  326.                     $deviceKey->setWorkspace($workspace);
  327.                     $em->persist($deviceKey);
  329.                     $user->setWorkspace($workspace);
  330.                     $em->persist($user);
  331.                     $em->persist($workspace);
  332.                     $em->persist($customerDetail);
  333.                     $em->flush();
  335.                     $numLength strlen((string)$customerDetail->getId()) + 5;
  336.                     $customerId str_pad($customerDetail->getId(), $numLength'0'STR_PAD_LEFT);
  337.                     $customerDetail->setCustomerNumber($customerId);
  338.                     $em->persist($customerDetail);
  339.                     $em->flush();
  341.                     $resetPassword = new ResetPassword();
  342.                     $resetPassword->setUser($user);
  343.                     $resetPassword->setLinkExpireDateTime(new DateTime());
  344.                     $em->persist($resetPassword);
  345.                     $em->flush();
  347.                     try {
  348.                         $mailService->sendRegistrationEmail($user$resetPassword);
  349.                     } catch (LoaderError RuntimeError SyntaxError $e) {
  350.                         $this->addFlash("success"$translator->trans("email.sending_error"));
  351.                     }
  353.                     try {
  354.                         $mailService->sendRegistrationAdminEmail($user);
  355.                     } catch (LoaderError RuntimeError SyntaxError $e) {
  356.                         $this->addFlash("success"$translator->trans("email.sending_error"));
  357.                     }
  358.                     return $this->redirectToRoute('app_register_success');
  360.                 }
  361.                 $form->get("email")->addError(new FormError($translator->trans("entity.msg.email_exists")));
  363.             }
  364.         }
  366.         return $this->render('security/register.html.twig', [
  367.             'registrationForm' => $form->createView(),
  368.             'user' => $user,
  369.             'page_design' => $commonFunctions->findFirstByPageDesignType($pageDesignRepositoryPageDesign::REGISTER_TYPE$request->getLocale())
  370.         ]);
  371.     }
  373.     /**
  374.      * Register Success Page
  375.      *
  376.      * @Route("/register/success", name="app_register_success")
  377.      * @return Response
  378.      */
  379.     public function registerSuccess(): Response
  380.     {
  381.         return $this->render('security/register_success.html.twig');
  382.     }
  384.     /**
  385.      * Backend Login Page
  386.      * Accepts symfony's built-in guard authentication provider to authenticate user
  387.      * which is configured in security.yaml under firewall.
  388.      * Throws authenticationUtils error if user does not exists.
  389.      * Check LoginFormAuthenticator to see user token based authentication.
  390.      *
  391.      * @Route("/backend", name="backend_login")
  392.      * @param AuthenticationUtils $authenticationUtils
  393.      * @return Response
  394.      */
  395.     public function backendLogin(AuthenticationUtils $authenticationUtils): Response
  396.     {
  397.         // Redirect if user already authenticated
  398.         if ($this->isGranted('ROLE_ADMIN') || $this->isGranted('ROLE_USER')) {
  399.             return $this->redirectToRoute('dashboard_index');
  400.         } else if ($this->isGranted('ROLE_BACKEND_USER')) {
  401.             return $this->redirectToRoute('admin_dashboard_index');
  402.         }
  403.         // get the login error if there is one
  404.         $error $authenticationUtils->getLastAuthenticationError();
  405.         // last username entered by the user
  406.         $lastUsername $authenticationUtils->getLastUsername();
  408.         return $this->render('security/admin-login.html.twig', ['last_username' => $lastUsername'error' => $error]);
  409.     }
  411.     /**
  412.      * @Route("/recaptcha", name="verify_recaptcha")
  413.      * @param Request $request
  414.      * @return JsonResponse
  415.      */
  416.     public function verifyRecaptcha(Request $request): JsonResponse
  417.     {
  418.         $errors = array();
  419.         $success false;
  420.         if ($request->get('token')) {
  421.             $token $request->get('token');
  423.             $recaptcha = new ReCaptcha($_ENV['GOOGLE_RECAPTCHA_SECRET']);
  424.             $resp $recaptcha
  425.                 ->setScoreThreshold(0.8)
  426.                 ->verify($token);
  428.             if ($resp->isSuccess()) {
  429.                 // Verified!
  430.                 $success true;
  431.             } else {
  432.                 $errors $resp->getErrorCodes();
  433.             }
  434.         }
  436.         return new JsonResponse(["success" => $success"errors" => $errors]);
  437.     }
  439.     /**
  440.      * @Route("/imprint", name="imprint")
  441.      * @return Response
  442.      */
  443.     public function imprint(): Response
  444.     {
  445.         return $this->render('security/imprint.html.twig');
  446.     }
  448.     /**
  449.      * @Route("/privacy", name="privacy")
  450.      * @return Response
  451.      */
  452.     public function privacyPolicy(): Response
  453.     {
  454.         return $this->render('security/privacy.html.twig');
  455.     }
  457.     /**
  458.      * @Route("/gtc", name="gtc")
  459.      * @return Response
  460.      */
  461.     public function gtc(): Response
  462.     {
  463.         return $this->render('security/gtc.html.twig');
  464.     }
  466.     /**
  467.      * @Route("/refresh", name="app_refresh")
  468.      * @return JsonResponse
  469.      */
  470.     public function refresh(): JsonResponse
  471.     {
  472.         return new JsonResponse(['success' => 1], 200, [], false);
  473.     }
  475.     /**
  476.      * @Route("/cookie/plan/{id}", name="plan_cookie")
  477.      * @param Plan|null $plan
  478.      * @return RedirectResponse
  479.      */
  480.     public function planCookie(Plan $plan null): RedirectResponse
  481.     {
  482.         if (!is_null($plan)) {
  483.             setcookie('plan_register'$plan->getId(), 0'/');
  484.         }
  485.         return $this->redirectToRoute('app_register');
  486.     }
  488.     /**
  489.      *
  490.      * @Route("/recover/email", name="app_recover_email", methods={"GET"})
  491.      * @param Request $request
  492.      * @param TranslatorInterface $translator
  493.      * @param UserRepository $userRepository
  494.      * @return Response
  495.      * @throws Exception
  496.      */
  497.     public function recoverEmail(Request $requestTranslatorInterface $translatorUserRepository $userRepository): Response
  498.     {
  500.         if ($this->getUser() !== null) {
  501.             $this->addFlash("success"$translator->trans('email_restore.error_logged_in'));
  502.             return $this->redirectToRoute('app_login');
  503.         }
  504.         if (!$request->query->has("email") || !$request->query->has("identifier")) {
  505.             $this->addFlash("success"$translator->trans('email_restore.not_found'));
  506.             return $this->redirectToRoute('app_login');
  507.         }
  508.         $user $userRepository->findOneBy([
  509.                 'oldEmail' => $request->query->get('email'),
  510.                 'emailRecoveryCode' => $request->query->get('identifier')
  511.             ]
  512.         );
  513.         if (!is_object($user)) {
  514.             $this->addFlash("success"$translator->trans('email_restore.not_found'));
  515.             return $this->redirectToRoute('app_login');
  516.         }
  518.         if ($user->getEmailRecoveryCodeExpireDateTime() < new DateTime('now', new DateTimeZone("UTC"))) {
  519.             $this->addFlash("success"$translator->trans('email_restore.key_expired'));
  520.             return $this->redirectToRoute('app_login');
  521.         }
  523.         $em $this->getDoctrine()->getManager();
  524.         $user->setEmail($user->getOldEmail());
  525.         $user->setEmailRecoveryCodeExpireDateTime(null);
  526.         $user->setEmailRecoveryCode(null);
  527.         $user->setOldEmail(null);
  528.         $em->persist($user);
  529.         $em->flush();
  530.         $role $user->getRoles();
  532.         if ($role[0] == 'ROLE_BACKEND_USER') {
  533.             return $this->redirectToRoute('backend_login');
  534.         } else {
  535.             $this->addFlash("success"$translator->trans('email_restore.success'));
  536.             return $this->redirectToRoute('app_login');
  537.         }
  539.     }
  541. }